Struct bonsaidb_local::vault::LocalVaultKeyStorage
source · [−]pub struct LocalVaultKeyStorage { /* private fields */ }Expand description
Stores vault key locally on disk. This is in general considered insecure, and shouldn’t be used without careful consideration.
The primary goal of encryption within BonsaiDb is to offer limited encryption at-rest. Within these goals, the primary attack vector being protected against is an attacker being able to copy the data off of the disks, either by physically gaining access to the drives or having filesystem access. By storing the vault key on the same physical media, the encryption should be considered insecure because if you can gain access to the data, you have access to the keys as well.
For production environments, it is much more secure to store the vault key in a separate location. We recommand any S3-compatible backend.
Implementations
Trait Implementations
sourceimpl Clone for LocalVaultKeyStorage
impl Clone for LocalVaultKeyStorage
sourcefn clone(&self) -> LocalVaultKeyStorage
fn clone(&self) -> LocalVaultKeyStorage
Returns a copy of the value. Read more
1.0.0 · sourcefn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source. Read more
sourceimpl Debug for LocalVaultKeyStorage
impl Debug for LocalVaultKeyStorage
sourceimpl VaultKeyStorage for LocalVaultKeyStorage
impl VaultKeyStorage for LocalVaultKeyStorage
type Error = LocalVaultKeyStorageError
type Error = LocalVaultKeyStorageError
The error type that the functions return.
Auto Trait Implementations
impl RefUnwindSafe for LocalVaultKeyStorage
impl Send for LocalVaultKeyStorage
impl Sync for LocalVaultKeyStorage
impl Unpin for LocalVaultKeyStorage
impl UnwindSafe for LocalVaultKeyStorage
Blanket Implementations
sourceimpl<T> AnyVaultKeyStorage for T where
T: 'static + VaultKeyStorage,
impl<T> AnyVaultKeyStorage for T where
T: 'static + VaultKeyStorage,
sourcefn vault_key_for<'life0, 'async_trait>(
&'life0 self,
server_id: StorageId
) -> Pin<Box<dyn Future<Output = Result<Option<KeyPair>, Error>> + Send + 'async_trait>> where
'life0: 'async_trait,
Self: 'async_trait,
fn vault_key_for<'life0, 'async_trait>(
&'life0 self,
server_id: StorageId
) -> Pin<Box<dyn Future<Output = Result<Option<KeyPair>, Error>> + Send + 'async_trait>> where
'life0: 'async_trait,
Self: 'async_trait,
Retrieve all previously stored master keys for a given storage id.
sourcefn set_vault_key_for<'life0, 'async_trait>(
&'life0 self,
server_id: StorageId,
key: KeyPair
) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'async_trait>> where
'life0: 'async_trait,
Self: 'async_trait,
fn set_vault_key_for<'life0, 'async_trait>(
&'life0 self,
server_id: StorageId,
key: KeyPair
) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'async_trait>> where
'life0: 'async_trait,
Self: 'async_trait,
Store a key. Each server id should have unique storage. The keys are uniquely encrypted per storage id and can only be decrypted by keys contained in the storage itself. Read more
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcepub fn borrow_mut(&mut self) -> &mut T
pub fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
sourceimpl<T> Instrument for T
impl<T> Instrument for T
sourcefn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
sourcefn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> Pointable for T
impl<T> Pointable for T
sourceimpl<T> ToOwned for T where
T: Clone,
impl<T> ToOwned for T where
T: Clone,
type Owned = T
type Owned = T
The resulting type after obtaining ownership.
sourcepub fn to_owned(&self) -> T
pub fn to_owned(&self) -> T
Creates owned data from borrowed data, usually by cloning. Read more
sourcepub fn clone_into(&self, target: &mut T)
pub fn clone_into(&self, target: &mut T)
toowned_clone_into)Uses borrowed data to replace owned data, usually by cloning. Read more
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
pub fn vzip(self) -> V
sourceimpl<T> WithSubscriber for T
impl<T> WithSubscriber for T
sourcefn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
Attaches the provided Subscriber to this type, returning a
WithDispatch wrapper. Read more
sourcefn with_current_subscriber(self) -> WithDispatch<Self>
fn with_current_subscriber(self) -> WithDispatch<Self>
Attaches the current default Subscriber to this type, returning a
WithDispatch wrapper. Read more